Displays the properties of a domain controller defined in the directory. There are three variations of this command. The first variation displays the general properties of a domain controller that you specify. The second variation displays a list of the security principals that own the largest number of directory objects on the domain controller that you specify. The third variation displays the distinguished names of the directory partitions on the server that you specify.

Dsget is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS server role installed. To use dsget, you must run the dsget command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsget server <ServerDN> [-dn] [-desc] [-dnsname] [-site] [-isgc] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
dsget server <ServerDN> [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-topobjowner <Display>]
dsget server <ServerDN> [{-s <Server> | -d <Domain>}][-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}][-part <PartitionDN>]

Parameters

Parameter Description

<ServerDN>

Required. Specifies the list of server object distinguished names to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.

-dn

Displays the distinguished names of the servers.

-desc

Displays the descriptions of the servers.

-dnsname

Displays the Domain Name System (DNS) host names of the servers.

-site

Displays the site name to which the server belongs.

-isgc

Displays whether a server is a global catalog server (yes) or not (no).

{-s <Server>| -d <Domain>}

Connects a computer to a remote server or domain that you specify. By default, dsget connects the computer to the domain controller in the logon domain.

-u <UserName>

Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

  • user name (for example, Linda)

  • domain\user name (for example, widgets\Linda)

  • user principal name (UPN) (for example, Linda@widgets.contoso.com)

-p {<Password> | *}

Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsget prompts you for a password.

-c

Reports errors, but continues with the next object in the argument list when you specify multiple target objects (continuous operation mode). If you do not supply this parameter, dsget exits when the first error occurs.

-q

Suppresses all output to standard output (quiet mode).

-l

Displays entries in a list. By default, dsget displays entries in a table.

{-uc| -uco| -uci}

Specifies that dsget formats output or input data in Unicode. The following table lists and describes each format.

Value Description

-uc

Specifies a Unicode format for input from or output to a pipe (|).

-uco

Specifies a Unicode format for output to a pipe (|) or a file.

-uci

Specifies a Unicode format for input from a pipe (|) or a file.

-part <PartitionDN>

Connects to the directory partition with the distinguished name of PartitionDN.

-topobjowner <Display>

Displays a sorted list of the security principals (such as users, computers, security groups, and inetOrgPersons) that own the largest number of directory objects across all directory partitions on the server and the number of directory objects that they own. The number of accounts to display in the list is specified by Display. To display all object owners, use 0 as the value of this parameter. If you do not specify Display, the number of principals that this parameter lists is 10 by default.

/?

Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, dsget obtains the target object from standard input (stdin). Dsget can accept stdin from the keyboard, from a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use dsget to view the properties of a specific object in the directory.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.

  • If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=My Server,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Contoso,DC=Com".

  • If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.

  • If either -part or -topobjowner is specified, they override any other specified parameters, so that only the results of the -part or -topobjowner parameter are shown.

Examples

To find all domain controllers for domain widgets.contoso.com and then display their DNS host names and site names, type:

dsquery server -domain widgets.contoso.com | dsget server -dnsname -site

To see if a domain controller named DC1 is also a global catalog server, type:

dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Contoso,DC=Com -isgc

To show the distinguished names of the directory partitions on a domain controller named DC1, type:

dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Contoso,DC=Com -part

To show the top five security principals that own the most objects on the domain controller DC1.widgets.contoso.com, type:

dsget server CN=DC1,CN=widgets,DC=Contoso,DC=com -topobjowner 5